Department of Homeland Security Daily Open Source Infrastructure Report

Friday, July 24, 2009

Daily Report

Top Stories

 The Wall Street Journal reports that a U.S. citizen pleaded guilty earlier this year to providing material support to al Qaeda, including information about the New York transit system and Long Island Railroad, according to court documents unsealed Wednesday in Brooklyn federal court. (See item 12)

12. July 23, Wall Street Journal – (New York) U.S. citizen admits al Qaeda ties. A U.S. citizen pleaded guilty earlier this year to attempting to kill American soldiers overseas and providing material support to al Qaeda, including information about the New York transit system, according to court documents unsealed July 22 in Brooklyn federal court. The U.S. citizen, 26 years old, born in the New York borough of Queens, became an al Qaeda militant after receiving training from the terrorist organization outside the U.S., according to criminal charges brought by the U.S. attorney in Brooklyn. The militant is cooperating with authorities and provided them with information about possible terror plots on rail targets in New York, according to a person familiar with the matter. Also, an affidavit he has provided is expected to be entered in court in Belgium as part of a different terrorism case. In another indication of cooperation, he has waived his right to an indictment by a grand jury and pleaded guilty in January to charges brought directly by the government. A sentencing date has not been set, typically a sign prosecutors want to wait until criminal cases against others are completed so a defendant can receive credit for cooperation. He has admitted he attempted to fire rockets at a U.S. military base in Afghanistan last September, according to the documents. He was apprehended in Pakistan in November and currently is in custody in New York, said people familiar with the matter. Court documents say he received training from al Qaeda between March and August of last year, and also provided the group with “specialized knowledge” of the New York transit system and Long Island Railroad. The Metropolitan Transit Authority of New York, which said he has never been an employee, said it has been cooperating with authorities, and that there was “never an imminent threat to the system.” Source:

 The Harrisonburg Daily News Record reports that at least 23 employees at the Perdue poultry plant in Bridgewater, Virginia were taken to a hospital after inhaling low levels of ammonia Wednesday night. A valve on the plant’s rooftop malfunctioned, and the chemical leaked onto the roof. (See item 17)

17. July 23, Harrisonburg Daily News Record – (Virginia) Ammonia leak at Perdue plant sends 23 to RMH. At least 23 employees at the Perdue poultry plant in Bridgewater, Virginia were taken to Rockingham Memorial Hospital after inhaling low levels of ammonia the night of July 22. Emergency crews were called to Perdue Farms Inc. on North Main Street around 8:30 p.m. A valve on the plant’s rooftop malfunctioned, and the chemical leaked onto the roof, said the chief of Rockingham County Fire and Rescue. Fumes were pulled into the ventilation system and dispersed inside the plant. The patients were in good condition, and no serious medical problems were reported, the chief added. Everyone inside the plant was evacuated, the chief said, but he did not have an exact number. The remaining employees were later let back in. In addition to Rockingham County, fire and rescue crews from Bridgewater, Harrisonburg, Mount Solon, Clover Hill and Weyers Cave responded. Source:


Banking and Finance Sector

11. July 22, Atlanta Business Chronicle – (Georgia) Atlanta man guilty in Internet fraud case. A resident of Atlanta pleaded guilty on July 22 to conspiracy to commit mail and wire fraud and one count of wire fraud for running an Internet scheme that stole $5 million from people who needed loans or venture capital. The 51-year-old was indicted on the charges along with two co-defendants in March. Sentencing for the guilty party has been set for October 8. He faces a maximum sentence of 40 years in prison and a maximum fine of $500,000. The guilty party organized a conspiracy to use Internet networking Web sites to get e-mail addresses of potential victims. The guilty party and others he directed contacted and convinced victims he was in the business of providing and marketing sources of venture capital, investment funds and business loans. The guilty party then told potential victims that he had access to an investment fund and venture capital through his company’s supposed consortium of private investors. He met with potential victims in Atlanta with the supposed purpose of hearing their business proposals to receive funding from the consortium. As a precondition for this funding, the victims were required to pay non-refundable advance expenses and fees. Source:

Information Technology

30. July 23, Computerworld – (International) Adobe promises patch for seven-month old Flash flaw. Adobe Systems Inc. on July 23 admitted its Flash and Reader software have a critical vulnerability and promised it would patch both next week. One security researcher, however, said Adobe’s own bug-tracking database shows that the company has known of the vulnerability for nearly seven months. In a security advisory posted around 10 p.m. Eastern time on July 22, Adobe acknowledged that earlier reports were on target. “A critical vulnerability exists in the current versions of Flash Player (v9.0.159.0 and v10.0.22.87) for Windows, Macintosh and Linux operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x for Windows, Macintosh and UNIX operating systems,” the company said. The “authplay.dll” mentioned in the advisory is the interpreter that handles Flash content embedded within PDF files, and is present on any machine equipped with Reader and Acrobat. Adobe said it would patch all versions of Flash by July 30, and Reader and Acrobat for Windows and Mac no later than July 31. Until a patch is available, Adobe said users could delete or rename authplay.dll, or disable Flash rendering to stymie attacks within malformed PDF files. Adobe did not offer any similar workaround for Flash and could only recommend that “users should exercise caution in browsing untrusted websites.” Source:

31. July 22, Deutsche Presse-Agentur – (International) Vietnam security firm in trouble after tracking hackers. The Vietnam Computer Emergency Response Team (VNCERT) has received an “official complaint” from its South Korean counterpart, the Korea Internet Security Center (KrCERT), about a Vietnamese cyber-security firm’s efforts to track down the source of computer virus attacks on Web sites in South Korea and the U.S., officials said on July 22. The virus attacks earlier this month on sensitive government and business Web sites in the U.S. and South Korea caused widespread concern. The source of the attacks was variously reported to be North Korea, Britain and elsewhere. “I am very frustrated with this case because I had not expected the way people would respond to our help,” said the director of leading Vietnamese cyber security company Bach Khoa Internetwork Security (BKIS). Shortly after the cyber-attacks were made public in early July, the BKIS center claimed to have traced the source of the attacks to a master server in Britain. For the past few days, Vietnamese media have quoted officials from VNCERT, the state agency authorized to handle incidents that originate in Vietnamese networks as well as those reported by any foreign persons or institutions, as saying BKIS had breached Vietnamese and international rules during its investigation of the cyber-attacks. VNCERT said it had received an “official complaint” on July 16 from its Korean counterpart KrCERT, stating the South Korean agency had never requested BKIS to help investigate the attacks, as BKIS had claimed. “It is a very sensitive case,” said the director. “BKIS is only a small centre, but successful in finding the origin of attackers, and then we get in trouble.” Source:

32. July 22, CNET News – (International) Adobe investigating zero-day bug in Flash. Researchers on July 22 said they have uncovered attacks in the wild in which malicious Acrobat PDF files are exploiting a vulnerability in Flash and dropping a Trojan onto computers. The situation could affect tons of users since Flash exists in all popular browsers, is available in PDF files, and is largely operating system-independent. Any software that uses Flash could be vulnerable to the attack, according to Symantec. Adobe Reader is vulnerable because its Flash interpreter is vulnerable, said the principal researcher at Purewire, a Web security services provider. In a post on its Web site, Adobe said it “is aware of reports of a potential vulnerability in Adobe Reader and Acrobat 9.1.2 and Adobe Flash Player 9 and 10. We are currently investigating this potential issue and will have an update once we get more information.” “The authors of the exploit have managed to take a bug and turn it into a reliable exploit using a heap spray technique,” a researcher wrote on a Symantec Security blog post. “Typically an attacker would entice a user to visit a malicious Web site or send a malicious PDF via e-mail,” he writes. “Once the unsuspecting user visits the Web site or opens the PDF this exploit will allow further malware to be dropped onto the victim’s machine. The malicious PDF files are detected as Trojan.Pidief.G and the dropped files as Trojan Horse.” Source:

Communications Sector

33. July 22, Honolulu Star Bulletin – (Hawaii) AT&T restores service to Hawaii wireless customers. Service was restored last night to the AT&T customers in Hawaii who were unable to use their wireless phones on July 21 because of an equipment problem. “We apologize for any inconvenience to our customers as our technicians worked to resolve this issue,” said a statement. The company said on July 21 that customers were affected in different ways, depending on the type of phone used. Phone service for some customers was not affected, and other customers had intermittent service. The last time AT&T wireless had a widespread service disruption was in November 2008, when Oahu customers lost service for a little more than seven hours after an electrical power failure in Leeward and Central Oahu. Source: